The present invention relates to distribution of applications, and more particularly to improving security using such application distribution.
This section is intended to provide a background or context to the invention disclosed below. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived, implemented or described. Therefore, unless otherwise explicitly indicated herein, what is described in this section is not prior art to the description in this application and is not admitted to be prior art by inclusion in this section.
Recent trends show that vulnerabilities in third party software are quickly outpacing vulnerabilities in software from primary vendors or in operating systems. These vulnerabilities can easily be exploited by adversaries to take control of a user device, perform unwanted actions on behalf of the user, or leak or otherwise compromise sensitive information.
To compound this problem, there has been a proliferation of third-party distributors of applications. These third-party distributors are also known as markets, or “App Stores”, and they make finding and installing third-party software easy for end users. For example, the Apple Store and Android Play markets have allowed end users to install applications from thousands of small and relatively unknown developers on millions of end devices.
When an end user installs an application, the end user is providing the application the ability to run code on the end user's device, and possibly access a wide variety of sensors. Trust in the third party applications is crucial, especially as more end users begin to perform banking, online trading, and other high-value or sensitive operations on these devices, and as such devices begin to be adopted by businesses as supplements or replacements for traditional laptop and desktop computers.
Currently, the end user must trust the developers not to perform malicious actions. The authenticity of an application is often verified through the use of a digital signature. This, however, does not guarantee that the application contains no malicious code or exploitable vulnerabilities: a valid signature establishes who published the application and that it has not been altered since, not that its code is safe. Some App Stores, such as the iTunes/iOS AppStore run by Apple, require the owner (Apple in this example) to vet each submission, potentially limiting the malicious applications that are accepted. Similarly, Google employs a process called Bouncer (basically, an antivirus/antimalware scanner) to analyze applications for malicious behavior.
A stealthy developer may be able to exploit a vulnerability, either intentionally or accidentally, to execute arbitrary code on the device, possibly using an attack known as return oriented programming (ROP). In ROP, existing benign code snippets are chained together so that behavior that was not intended or desired by the end user or the original developer is performed. While some solutions to prevent ROP exist, they are either computationally intensive or do not work in an environment such as iOS and Android, where applications are digitally signed and their signature must be valid before an application can be executed.